Solana developers forked the liquidity hub of the widely used Serum tokensafter it was compromised on Nov. 11 by a hack of bankrupt exchange FTX, leading to a series of unauthorized transactions.
According to the developer whose pseudonym is Mango Max on Twitter, on November 12 a “verified build of the same version” has been made and deployed. Also, upgrade authority and fee revenue “has been changed and is now managed by a multi-sig controlled by a team of trusted developers”. Serum (SRM) and megaserum (MSRM) tokens, as well as fee discounts, remain unchanged and work as before.
The development took place over the weekend. Solana co-founder Anatoly Yakovenko tweeted that developers relying on serum were forking the code after the updated key was compromisedadding that many “protocols rely on serum markets for liquidity and settlements.”
Afaik, the devs that depend on serum are forking the program because the upgrade key to the current one is compromised. This has nothing to do with SRM or even Jump. A ton of protocols depend on serum markets for liquidity and liquidations.
— toly (@aeyakovenko) November 12, 2022
Apparently, developers who depend on serum are forking the program because the upgrade key of the current one is compromised. This has nothing to do with SRM or even Jump. A ton of protocols rely on serum markets for liquidity and settlements.
In a twitter threadMango Max said that the Serum upgrade key was not controlled by the DAO SRM, but by a private key connected to FTX, and no one could confirm who controlled the keys. The private key was needed to update the original version of Serum, which led the developers to fork the codesince the private key is under the control of FTX.
Mango Max also noted that:
“When I contacted a couple of people previously involved with Serum, I got responses like, ‘I wish I had more information to help you, but I really don’t.’
Liquidity providers such as Jupiter, the most popular aggregator on Solana, confirmed that they have disabled Serum as a liquidity source “due to security concerns about update authorities, and we also encourage all of our integrators to do the same.” Other projects such as Mango Markets and SolBlaze also announced the integration with the new fork..
Confirming that we turned off @ProjectSerum as a liquidity source a few hours ago due to security concerns about upgrade authorities, and we also encouraged all our integrators to do the same.
The ecosystem is working on a fork right now, and we will support it asap
— Jupiter Aggregator (@JupiterExchange) November 12, 2022
Confirming that we disabled @ProjectSerum as a liquidity source a few hours ago due to security concerns about update authorities, and we also encourage all our integrators to do the same.
The ecosystem is working on a fork right now, and we will support it as soon as possible.
As Cointelegraph reported, an attack caused $659 million in outflows from FTX and FTX US on November 11. FTX US General Counsel Ryne Miller later confirmed that lThe transactions were unauthorized and that FTX US had moved all remaining cryptocurrency to offline storage as a precaution.
A blog post from blockchain forensics firm Elliptic suggests that the drain has left several tokens in Ethereum, BNB Smart Chain, and Avalanche wiped out. Of the $663 million stolen, some $477 million is suspected to have been stolen, while the remainder is believed to have been moved to secure storage by FTX..
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the full amount invested may be lost. The services or products offered are not aimed at or accessible to investors in Spain.